Werewolf Sharpening Known Stealer for New Attacks

May 29, 2024, 11:29 a.m.

Description

An analysis reveals that threat actors have developed custom malware based on the open-source SapphireStealer to harvest credentials from employees of Russian companies. The malicious operation involves deploying a modified version of the stealer malware, specifically tailored to target organizations within Russia, with the aim of exfiltrating authentication data from their systems.

Date

Published: May 29, 2024, 11:01 a.m.

Created: May 29, 2024, 11:01 a.m.

Modified: May 29, 2024, 11:29 a.m.

Indicators

5c01531a6b7f25b92e9a2d0d67fe7057813140d2c60dc0bb356b190aa91a5857

301d00aeae52011530370dcf32d0b68ebdcec291d94501b90a44dcc9a714e595

204bcbb030856bfbd7f4b5edad94e17e61a3d44cde88dbcf4f6a30adb786d1a6

Attack Patterns

SapphireStealer

Sapphire Werewolf

T1589

T1567

T1113

T1053

T1003

T1059

Additional Information

Russian Federation